Cyber-criminals have attacked key government and consumer websites, allowing them to steal the personal details of anyone browsing the sites, The Times has learnt.

Eastern European hackers are suspected of placing the Asprox virus on more than a thousand British websites, including those run by the NHS and a local council, in the past two weeks.

Experts described the Asprox virus as a alarming departure from commonplace viruses which tend to be spread through rogue e-mails and unregulated websites.

Unlike other viruses, Asprox sits undetected on mainstream sites, with any visitor at risk of being infected. The virus automatically installs itself on a visitor's computer, allowing a hacker to access financial information.

It is not known how many people are affected by the virus, but security experts estimate that it has spread to at least two million computers worldwide.

Detective Constable Bob Burls, of the Metropolitan Police computer crime unit, said that there had been a sudden rise in infection rates. “The virus got into the job pages of a local council’s internet page,” he said. “It’s a new thing that people who visit mainstream websites are clobbered.”

Such incidents have only come to light after people have found money removed from their bank accounts or other personal data frauds.

“We’ve dealt with two major websites in as many weeks,” he said

Kaspersky Lab, a leading developer of secure content management systems, reports the detection of a malicious program that infects WMA audio files. The objective of the infection is to install a Trojan that gives a cybercriminal control of the user’s computer.

The worm, which was named Worm.Win32.GetCodec.a, converts mp3 files to the Windows Media Audio (WMA) format (without changing the .mp3 extension) and adds a marker with a link to an infected web page to the converted files. The marker is activated automatically during file playback. It opens an infected page in Internet Explorer where the user is asked to download and install a file which, according to the website, is a codec. If the user agrees to install the file, a Trojan known as Trojan-Proxy.Win32.Agent.arp is downloaded to the computer, giving cybercriminals control of the victim PC.

Unlike earlier Trojans, which used the WMA format only to mask their presence on the system (i.e., the infected objects were not music files), this worm infects audio files. According to Kaspersky Lab virus analysts, this is the first such case. The likelihood of a successful attack is increased because most users trust their audio files and do not associate them with possible infections. It should be noted that the file on the counterfeit web page is digitally signed by Inter Technologies and is identified by www.usertrust.com, the resource that issued the digital signature, as trusted.

Immediately after Worm.Win32.GetCodec.a was detected, its signatures were added to Kaspersky Lab’s antivirus databases.